Topic: [SOLVED] wolfSSL_CTX_load_verify_buffer(...) fails

I am trying to validate a cert file from a buffer. I validated that the cert file is valid on my Linux machine. But when I try to validate it on a Cortex-M MCU, it gets stuck.

Configuration:

#define SINGLE_THREADED
#define FREERTOS
#define NO_FILESYSTEM
#define WOLFSSL_NO_SOCK
#define WOLFSSL_USER_IO
#define NO_DEV_RANDOM

#define WC_NO_HARDEN
#define NO_WRITEV
#define HAVE_DH
#define HAVE_ED25519
#define HAVE_SHA512
#define NO_SHA
#define NO_OLD_TLS
#define WOLFSSL_SHA512
#define WOLFSSL_STM32F4
#define NO_STM32_CRYPTO
#define NO_STM32_HASH
#define NO_INLINE
#define WOLFSSL_IGNORE_FILE_WARN
#define WOLFSSL_GMTIME
wolfSSL Entering TLSv1_2_client_method_ex
wolfSSL Entering wolfSSL_CTX_new_ex
wolfSSL Entering wolfSSL_Init
wolfSSL Entering wolfCrypt_Init
wolfSSL Entering wolfSSL_CertManagerNew
wolfSSL Leaving WOLFSSL_CTX_new, return 0
wolfSSL Entering wolfSSL_CTX_load_verify_buffer_ex
Processing CA PEM file
wolfSSL Entering PemToDer
Adding a CA
wolfSSL Entering GetExplicitVersion
wolfSSL Entering GetSerialNumber
Got Cert Header
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
Got Algo ID
Getting Cert Name
Date BEFORE check failed
Getting Cert Name
Got Subject Name
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
Got Key
Parsed Past Key
wolfSSL Entering DecodeCertExtensions
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeSubjKeyId
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeAuthKeyId
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeBasicCaConstraint
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
        Parsed new CA
        Freeing Parsed CA
        Freeing der CA
                OK Freeing der CA
wolfSSL Leaving AddCA, return -150
wolfSSL error occurred, error = -150
CA Parse failed, with progress in file.
Search for other certs in file


Re: [SOLVED] wolfSSL_CTX_load_verify_buffer(...) fails

Hi burakkirazli,

See the "Date BEFORE check failed" message above. The -150 error (from wolfssl/wolfcrypt/error-crypt.h) is "ASN_BEFORE_DATE_E  = -150,  /* ASN date error, current date before */".

Your RTC time is not setup properly, so the certificate date check is failing. Here are the possible solutions:

1. Set up your RTC correctly via the XTIME macros. Example here: https://github.com/wolfSSL/wolfssl/blob … ngs.h#L449

2. Override the date error in the verify callback (see this example: https://github.com/wolfSSL/wolfssl/blob … t.h#L1721)

3. Disable all certificate date checking by disabling NO_ASN_TIME. Do note that this will allow expired certificates to be used.

Thanks,
David Garske, wolfSSL

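To show where the -150 comes from and what option 2 actually changes, here is an added, self-contained C model (example code written for this page, not wolfSSL's own source). It parses a certificate notBefore value as ASN.1 UTCTime or GeneralizedTime, compares it with whatever the clock reports, and then models a verify callback that waves through only ASN_BEFORE_DATE_E while still rejecting every other error. The callback is simplified to take the error code as an int; in wolfSSL the real callback receives a WOLFSSL_X509_STORE_CTX and reads its error field, and the date comparison lives inside the library's certificate parser. The notBefore string below is constructed for the demo.

```c
#include <stdio.h>
#include <string.h>
#include <time.h>

/* Error value quoted in the thread from wolfssl/wolfcrypt/error-crypt.h. */
#define ASN_BEFORE_DATE_E (-150)

/* Days since 1970-01-01 for a proleptic Gregorian date (days_from_civil algorithm). */
static long days_from_civil(int y, int m, int d)
{
    y -= m <= 2;
    long era = (y >= 0 ? y : y - 399) / 400;
    long yoe = y - era * 400;
    long doy = (153L * (m + (m > 2 ? -3 : 9)) + 2) / 5 + d - 1;
    long doe = yoe * 365 + yoe / 4 - yoe / 100 + doy;
    return era * 146097 + doe - 719468;
}

static int two_digits(const char* s)
{
    return (s[0] - '0') * 10 + (s[1] - '0');
}

/* Parse ASN.1 UTCTime (YYMMDDHHMMSSZ) or GeneralizedTime (YYYYMMDDHHMMSSZ)
 * into a UTC epoch. Returns 0 on success, -1 on malformed input. */
int asn_time_to_epoch(const char* s, time_t* out)
{
    size_t len = strlen(s);
    if (len != 13 && len != 15) return -1;
    for (size_t i = 0; i + 1 < len; i++)
        if (s[i] < '0' || s[i] > '9') return -1;
    if (s[len - 1] != 'Z') return -1;     /* only UTC ("Z") times are handled here */

    int year;
    if (len == 13) {                      /* UTCTime: RFC 5280 maps 50..99 -> 19xx, 00..49 -> 20xx */
        int yy = two_digits(s);
        year = yy >= 50 ? 1900 + yy : 2000 + yy;
        s += 2;
    } else {                              /* GeneralizedTime: four-digit year */
        year = two_digits(s) * 100 + two_digits(s + 2);
        s += 4;
    }
    int mon = two_digits(s), day = two_digits(s + 2);
    int hh = two_digits(s + 4), mm = two_digits(s + 6), ss = two_digits(s + 8);
    if (mon < 1 || mon > 12 || day < 1 || day > 31 || hh > 23 || mm > 59 || ss > 60)
        return -1;
    *out = (time_t)days_from_civil(year, mon, day) * 86400 + hh * 3600 + mm * 60 + ss;
    return 0;
}

/* Convenience wrapper: epoch seconds, or -1 if the string does not parse. */
long long epoch_of(const char* s)
{
    time_t t;
    return asn_time_to_epoch(s, &t) == 0 ? (long long)t : -1;
}

/* The notBefore comparison: a clock that is earlier than the certificate's
 * start date yields the same -150 the log in the thread shows. An MCU whose
 * RTC was never set typically reports 1970, which fails for any modern cert. */
int check_not_before(const char* not_before, time_t now)
{
    time_t nb;
    if (asn_time_to_epoch(not_before, &nb) != 0) return -1;
    return now < nb ? ASN_BEFORE_DATE_E : 0;
}

/* Model of option 2 from the reply: accept a chain that failed only on the
 * date-before check, keep rejecting everything else. Return 1 = accept, 0 = reject.
 * (Simplified signature; the real wolfSSL callback reads the error from its store ctx.) */
int verify_cb_override_before_date(int preverify, int error)
{
    if (preverify == 1) return 1;                 /* nothing failed, nothing to override */
    if (error == ASN_BEFORE_DATE_E) return 1;     /* the one error we consciously tolerate */
    return 0;                                     /* bad signature, wrong CA, etc. still fail */
}

int main(void)
{
    const char* not_before = "230101000000Z";    /* constructed: 2023-01-01 00:00:00Z */
    time_t unset_rtc = 0;                         /* RTC never set: 1970-01-01 */
    time_t good_clock = 1672531200 + 3600;        /* one hour after notBefore */

    int err = check_not_before(not_before, unset_rtc);
    printf("unset RTC  -> %d (callback accepts: %d)\n", err,
           verify_cb_override_before_date(0, err));
    err = check_not_before(not_before, good_clock);
    printf("good clock -> %d\n", err);
    return 0;
}
```

With the clock at 1970 the check returns -150, exactly the value in the posted log; setting the clock (option 1) makes the same call return 0, whereas the callback (option 2) leaves the check in place and only tolerates that one code, which is narrower than compiling the date check out entirely.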

Re: [SOLVED] wolfSSL_CTX_load_verify_buffer(...) fails

All solutions work for me.

Thanks.
